Device restrictions during events

ABSTRACT

A system and method for controlling functions on devices is disclosed. An occurrence of a start of an event is determined. Based on determining the occurrence of the start, a respective registration of a respective device associated with a respective attendee of the event is received. Based on receiving the respective registration and determining the occurrence of the start of the event, temporary restrictions are applied to the respective device from which the respective registration is received. Based on determining an occurrence of an end of the event, the temporary restrictions are removed from the respective device.

FIELD OF THE DISCLOSURE

The present disclosure generally relates to electronic deviceoperations, and more particularly to restricting selected functions ofelectronic devices.

BACKGROUND

Electronic devices, such as smartphones, computers, and the like,include various functions, such as capturing and sending images orsounds collected by various sensors such as cameras and microphones,that can affect the security of the environment in which the electronicdevices are present. Inadvertent or unauthorized activation of thesefunctions may be a concern in some environments, particularly duringcertain events such as meetings in which sensitive matters or materialsare discussed or presented. At some such events, electronic devices haveto be checked at the door. Checking devices at the door of an event, andthen having to retrieve them after the event, may be inconvenient andtime consuming for both attendees and hosts of the event.

Many electronic devices include facilities for disabling functions, butconfiguring all of the required functions to be disabled can be manuallyintensive. Further, relying on individual configurations for an eventmay not be sufficiently reliable to fully ensure that all devices takeninto an event have disabled all functions that the event host requiresto be disabled. Further, some functions that should be disabled may beenabled on some devices during the event either inadvertently,unintentionally, intentionally, through surreptitious techniques, forother reasons, or combinations of these. Also, re-enabling the functionsthat were disabled for the event can be laborious for the user of thedevice.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying figures where like reference numerals refer toidentical or functionally similar elements throughout the separateviews, and which together with the detailed description below areincorporated in and form part of the specification, serve to furtherillustrate various embodiments and to explain various principles andadvantages all in accordance with the present disclosure, in which:

FIG. 1 illustrates a device restricted event, according to an example;

FIG. 2 illustrates an example event attendee list, according to anexample;

FIG. 3 illustrates an example user device block diagram, according to anexample;

FIG. 4 illustrates an event definition process, according to an example;

FIG. 5 Illustrates an event policy enforcement process, according to anexample; and

FIG. 6 is a block diagram of an electronic device and associatedcomponents in which the systems and methods disclosed herein may beimplemented.

DETAILED DESCRIPTION

Detailed embodiments are disclosed herein; however, it is to beunderstood that the disclosed embodiments are merely examples and thatthe systems and methods described below can be embodied in variousforms. Therefore, specific structural and functional details disclosedherein are not to be interpreted as limiting, but merely as a basis forthe claims and as a representative basis for teaching one skilled in theart to variously employ the present subject matter in virtually anyappropriately detailed structure and function. Further, the terms andphrases used herein are not intended to be limiting, but rather, toprovide an understandable description of the concepts.

The terms “a” or “an”, as used herein, are defined as one or more thanone. The term plurality, as used herein, is defined as two or more thantwo. The term another, as used herein, is defined as at least a secondor more. The terms “including” and “having,” as used herein, are definedas comprising (i.e., open language). The term “coupled,” as used herein,is defined as “connected,” although not necessarily directly, and notnecessarily mechanically. The term “configured to” describes hardware,software or a combination of hardware and software that is adapted to,set up, arranged, built, composed, constructed, designed or that has anycombination of these characteristics to carry out a given function. Theterm “adapted to” describes hardware, software or a combination ofhardware and software that is capable of, able to accommodate, to make,or that is suitable to carry out a given function.

The below described systems and methods provide an ability to controlfunctions within devices associated with attendees of an event. In thefollowing discussion, control of a particular function is referred to asapplying a restriction on the device for that function. A restriction inthis context is intended to be broadly understood to include any type ofcontrol on the function including, without limitation, disabling thefunction, reducing the extent of operation of the function, performingany other control on the function, or combinations of these. In someexamples, implementing a control on a device may involve applying arestriction that reduces limitations that were imposed on the device.For example, a device may have a first configuration that prohibitsaccessing certain external servers or functions. In such an example, atemporary restriction may be imposed on the device that allows thedevice to access some of those external servers or functions. In thatexample, a restriction is imposed on the device that is less restrictivethat its previous first configuration.

In general, the systems and methods described below are applicable toany type of device. In various examples, these systems and methods areapplicable to any type of electronic device that is able to be used inany type of operational environment. For example, these systems andmethods can be incorporated into one or more of portable electronicdevices, which include devices that are easily carried by a person orother carrier; or mobile devices, which include devices mounted inmovable systems such as vehicles of any type. In various examples, theseelectronic devices are able to be located in vehicles that include, butare not limited to, motor vehicles (e.g., cars), but also aircraft,spacecraft, watercraft, railed vehicles, or other vehicles. Theseelectronic devices are also able to include fixed devices, which includedevices that are not designed to be easily or often relocated such asdesktop electronic equipment; other types of electronic equipment, orcombinations of these.

In an example, an event is able to be a scheduled meeting in whichsensitive information will be discussed and presented. The organizer orhost of this meeting may require, for example, that all electronicdevices brought into the meeting have their cameras and microphonesdisabled in order to prevent an attendee from recording any of theinformation that is discussed or presented. In that example, temporaryrestrictions to be specified for this event, i.e., the meeting in thisexample, include disabling the camera and disabling the microphone ofeach electronic device brought into the event.

An organizer or host in an example is able to define various aspects ofthe event. Examples of data that can be included in the aspects of anevent defined by an organizer or host are dependent upon the needs ofthe event or organizer. Examples of items defined as event aspects caninclude, for example, a start time and an end time for the event, a listof temporary restrictions applied to electronic devices brought into theevent, control characteristics that are required of devices brought intothe event, a specified list of attendees for the event, other aspects,or any combination of these. The event in various examples is able to bedefined in various ways. In an example, a start time for the event isable to be specified. A duration or end time of the event is also ableto be specified to define the time duration of the event during whichtemporary restrictions will be imposed on electronic devices within theevent.

In an example, events are able to be defined without a pre-arrangedschedule. For example, an organizer or host is able to define variouscharacteristics of the event, such as control characteristics that arerequired of devices that are to be brought into an event, restrictionsto be applied during the event, other aspects, or combinations of these.In an example, a start of an event is able to be determined based ondevices registering for the event, such as by one or more of thetechniques described below. The end of the event is then able to bedetermined when attendees register their departure from the event, whenthe host provides an indication of the end of the event, based on othertechniques, or by combinations of these. Such events that do not have apre-arranged schedule are referred to herein as ad-hoc events.

In defining an event, a host is able to specify control characteristicsthat are required to be present in devices that are allowed to bebrought into the event. An example of such control characteristics thatare required of devices brought into an event are pre-requisitecharacteristics of the device that are able to be categorized into 2areas. A first area includes a control mechanism of the device thatsupports implementing a secure configuration. Examples of such secureconfigurations include, for example, specific security configurationsthat are already in place such as security configurations and functionsto implement data protection, ensuring a device is enabled according tocriteria set forth in accordance to techniques coordinated by theNational Information Assurance Partnership (NIAP), other controlmechanisms, or combinations of these. In addition to these controlmechanisms, an event is able to specify that a device brought into themeeting is required to have a secure operational state, such as byverifying the device is secure and has no history of intrusions.

The below described systems and methods operate in an example to: 1)ensure that all devices entering the event have an ability to implementthe specified temporary restrictions for the event; 2) impose thosespecified temporary restrictions on devices in the event for theduration of the event; and 3) remove those specified temporaryrestrictions from those devices after the event. In general, anyfunction of an electronic device is able to be controlled or restrictedby the below described systems and methods, for example, temporaryrestrictions are able to be placed upon functions related to theoperation, use, other aspects, or combinations of those of, for example,GPS receivers or location reporting, Near Field Communications (NFC)devices, Bluetooth interfaces, other peripherals, or combinations ofthese.

In some examples, an event organizer is able to designate one or moreusers as “event hosts” of the event. In an example, event hosts aregranted a temporary authority to impose temporary restrictions on otheruser devices that are to be imposed during a particular event. In anexample, a user device control system such as an Information Technology(IT) policy server operating as part of or in conjunction with a MobileDevice Manager (MDM) system is able to provide facilities to controlvarious functions of user devices. The event host in an example istemporally granted authority with the user device control system tocontrol one or more functions of the devices used by attendees of theevent. In an example, a host is able to operate by using any deviceassociated with that host. Examples of devices associated with a hostinclude, but are not limited to, any device assigned to that host, anydevice into which a host has entered identification credentials (such aslogin information), any device associated with the host according to anysuitable criteria, or combinations of these.

In some examples, event hosts are able to perform actions to impose ormodify temporary restrictions on devices carried into an event. Forexample, an event is able to be set up with specific start and end timeswhere one or more event hosts are defined. The one or more event hostsin an example are granted proxy administrative capabilities by the userdevice control system for the duration of the event. The one or moreevent hosts in an example are then able to define or redefine temporaryrestrictions to be imposed on electronic devices that are brought intothe event. In some examples, the control actions performed by the eventhosts are logged by the device control system to support auditing ofactions taken and the status of devices during the event.

As attendees arrive for the event, each attendee in an example registershis or her device. Registering a device may be performed via interactionwith a registration device at or near the event, via interaction with adevice associated with an event host, via any other technique, orcombinations of these. For example, registration of a device is able tobe based on an exchange of data using Near Field Communications, e.g.,by using an “NFC tap” with a registration device placed near the event,with a device associated with one of the event hosts, with otherdevices, or with combinations of these. In some examples, a device isable to be automatically registered at the start of the event withoutthe device interacting with a device at the event. In various examples,devices entering the event may register based on communicating, such asvia an NFC tap, with other devices; automatically based on a occurrenceof a start time of the event, by any suitable technique, or bycombinations of these.

In an example, one or more actions are able to occur in response to adevice registering its attendance at the event. For example, thefunctions of the device will be controlled or restricted in accordanceto the temporary restrictions defined for the event (e.g. camera andmicrophone are disabled) when the device is registered. In someexamples, the device provides authentication of device characteristicsvia a report of operational state and configuration settings and sendsan authenticated report of its capabilities and verification of thesuccessful implementation of the settings to implement the temporaryrestrictions defined for the event. In further examples, the host,administrator, other entity, or combinations of these, is givenvisibility to each registered device along with a selected set of devicecharacteristics for each device. In an example, such reports,verification, and visibility are provided by user device controlsystems, such as Mobile Device Monitoring (MDM) systems and enterprisepolicy servers.

At the end of the event, each user registers his or her departure in anexample and the temporary restrictions on his or her device arereleased. In an example, the standard IT policy settings defined for thedevice, such as by an enterprise IT policy server, are restored in eachdevice. Registering a device's departure is able to be by any suitabletechnique, such as by an NFC tap with a device located near the event,with a device associated with an event host, with another device, by anyother technique, or by combinations of these. In some examples, anadministrator, an event host, another entity, or combinations of these,is notified immediately upon registration, such as immediately upon anNFC tap by an attendee's device, that the device's settings or othercharacteristics do not meet the requirements for the event. The eventhost in various examples is then able to take various actions, such asexcusing the attendee from the event or requiring the attendee's deviceto be left at the door.

In an example, a geographic region, such as a meeting room, is able tobe associated with the event, and registration of a device is able to bebased on determining that the device is entering or is located withinthat geographic region. Departing the event is similarly able to bebased on determining, in some examples, that the device is not in thatgeographic region or is leaving that geographic region.

In some examples, a meeting scheduling system is able to be used toautomatically perform some or all functions associated with registrationof arrival, registration of departure, other registrations, orcombinations of these. In some of these examples, determinations basedon time, locations of user devices, other determinations, orcombinations of these, are able to be used in addition to, or in placeof, an attendee's registration with an event host. For example, ameeting may be defined to have a list of attendees, have a list oftemporary restrictions, occur between a start time and an end time, andto be held in a geographic region such as a meeting room. The meetingscheduling system is able to send meeting invitation to each attendeefor this meeting. That invitation is able to include the above listeditems specified for that meeting. The meeting scheduling system willkeep track of which attendees have accepted the invitation. In oneexample, the temporary restrictions that are specified for this meetingare applied for the duration of the meeting to the devices of allattendees who accepted the invitation. In another example, the temporaryrestrictions are placed on all devices within the specified meeting roomfor the duration of the meeting.

In some examples, temporary restrictions are imposed on electronicdevices via an enterprise user device control system such as an ITpolicy server operating with a Mobile Device Management (MDM) system. Inan example, devices associated with individuals from differentcorporations or other entities are able to be controlled via, forexample, inter-operating user device control systems that may implementa “secure community sever” concept.

In an example, pre-requisite device characteristics are able to bespecified for devices that are allowed within an event. For example, anevent may be set up to specify that all devices must support certaindata protection techniques. In some examples, an event definition mayspecify that devices must be compliant with criteria defined by theNational Information Assurance Partnership (NIAP). In an example,devices may be specified to require supporting certain data protectionoperations, such as operations or functions to protect Data At Rest.

In an example, the event definition may further specify device specifictemporary restrictions to be imposed on functions of devices that areallowed into the event, such as a specification that the camera of thedevice is to be disabled for the duration of the event. In anotherexample, temporary restrictions for an event are able to specify alimited number of restricted operations. For example, an event may havespecified temporary restrictions that allow a certain number of picturesto be taken during the event by specified individuals within a specifiedtime window or at a given physical location.

FIG. 1 illustrates a device restricted event 100, according to anexample. The device restricted event 100 depicts an example of an eventwhere a number of attendees are present within a room 102. In furtherexamples, events are able to include function or experience with one ormore attendees and can include attendees who are located at any numberof locations. In a further example, an event is able to be a virtualgathering or meeting where attendees are able to be located in multiplerooms, attendees are able to connect remotely to a virtual presenceserver, or combinations of these. The device restricted event 100 is anexample of an event during which electronic device carried by attendeesof the event are required to have one or more temporary restrictionsplaced on some of their functions.

In some alternative examples, the device restricted events are able tobe conducted with attendees who are not within a defined area, such asthe room 102. For example, an alternative device restricted event thatutilizes the systems and methods described below is able to occur in avirtual environment. Such alternative device restricted events are ableto include virtual meetings where the attendees are able to be locatedin multiple rooms, where attendees are able to remotely connect to theactivities of an event by various techniques, where attendees are ableto be located and communicate by any suitable technique, or combinationsof these.

The room 102 in an example defines a geographic location for a devicerestricted event 100. In various examples, a geographic location is ableto be an enclosed area, such as the room 102, an open area, such as apatio, field or other outdoor region, other types of areas, orcombinations of these.

The room 102 shows three people, a first person 106, a second person108, and a host 110. The first person 106 has a first device 120, thesecond person 108 and a second device 122, and the host 110 has a hostdevice 124. In this illustrated example, each of these devices is aportable electronic device. In further examples, any type of device thatis within the room 102, or other area of an event, is able to havetemporary restrictions placed on its functions for the duration of anevent. In various examples, temporary restrictions are able to be placedon any type of device, including without limitation desktop computers,installed devices, devices located temporarily in the room 102, anyother type of device, or combinations of these.

The room 102 is shown to have a door 140 as the only entrance into theroom 102. A registration station 104 is positioned at the door 140 toallow attendees entering the room 102 through the door 140 to registertheir devices. In an example, the registration station 104 includes aNear Field Communications (NFC) device to allow attendees enteringthrough the door 140 to “tap” the NFC device at the registration station104 and register his or her device. In further examples, the host 110,or another person such as a security assistant, is able to be positionednear the door 140 and use his or her device as a registration device bywhich attendees can register their device via, for example, performingan NFC tap with the host device 124 or a device used by the other personsuch as the security assistant.

In the illustrated example, a user device control system 130 managesoperating temporary restrictions on the user devices, such as the firstdevice 120 and the second device 122. An example of a user devicecontrol system is a Mobile Device Management (MDM) system that mayoperate in conjunction with other enterprise Information Technology (IT)security servers and systems. The user device control system 130communicates with user devices, such as the first device 120 and seconddevice 122, via a data link 136. In an example, the data link 136 isable to include a secured Wi-Fi® data communications link. In furtherexamples, the data link 136 is able to include any combination of wiredcommunications links, wireless communications links, or othercommunications links.

The user device control system 130 exchanges enterprise defined deviceconfigurations with an IT policies storage 132. The IT policies storage132 in an example stores enterprise Information Technology policydefinitions that specify configurations for various user devices. The ITpolicies storage 132 in an example stores the device configurations thatare to be imposed on user devices associated with an enterprise, as areable to be imposed via a Mobile Device Management system.

The user device control system 130 further receives device temporaryrestrictions specified by an event definition system 134. The eventdefinition system 134 is an example of a system that creates or storesdefinitions for events that include, for example, parameters,attributes, other aspects, or combinations of these, for events such asthe illustrated device restricted event 100. The event definition system134 in an example provides a definition for an event to the user devicecontrol system 130 in order to cause the temporary restrictions definedfor that event to be imposed on the devices brought into the event. Inan example, the definition for the event is able to include, withoutlimitation, one or more of an event start time, an event end time, alist of temporary restrictions for functions of devices brought into theevent, a list of attendees, a specification of one or more hosts for theevent, other information or aspects of the event, or any combination ofthese. In an example, a designated host for the event is able to modify,for example, temporary restrictions, attendees, or other information,about the event either before the event, during the event, or both.

FIG. 2 illustrates an example event attendee list 200, according to anexample. The example event attendee list 200 depicts attendees for aplanned event, such as the above described device restricted event 100.The example event attendee list 200 is able to be generated with datacreated or maintained by one or more of the above described eventdefinition system 134, user device control system 130, other systems, orcombinations of these.

The example event attendee list 200 includes a name column 210, a devicecontrol characteristics compliance column 212, and an administrativeauthority column 214. The name column 210 lists names of attendees. Invarious examples, a name column 210 is able to contain any one or moreidentifiers of each attendee, such as names, employee numbers, otheridentifiers, or combinations of these. The illustrated example eventattendee list 200 includes four names, Jack 220, Jill 222, Jane 224, andKim 226. Each of these names has an associated row of information thatdepicts information about that attendee related to the event.

The device control characteristics compliance column 212 reflectswhether a user device associated with that attendee has appropriatecontrol characteristics for the event. In an example, an eventdefinition is able to specify various control characteristics that arerequired of devices brought into the event. For example, an event mayspecify that devices brought into the event are operating in compliancewith the National Information Assurance Partnership (NIAP) requirementsfor that particular type of device. Operating in compliance with NIAPrequirements in an example ensures that the device is able to reliablyimpose specified temporary restrictions on its functions as can bespecified for various events. In an example, the data in the devicecontrol characteristics compliance column 212 is determined based upon avalidated report received from each device associated with an attendeethat indicates the capabilities of the device. In an example, MobileDevice Management (MDM) clients on each device are able to reliablydetermine and report the capabilities of each device, including whetherthe device has the specified control characteristics, such as NIAPcompliance. In another example, a database of devices, such as may bestored by the user device control system 130, is able to storecharacteristics of each device, such as whether the device has thespecified control characteristics.

The device control characteristics compliance column 212 includes afirst device control characteristics compliance check mark 230 thatindicates that Jack 220 has a mobile device that has the device controlcharacteristics specified for the event. A second device controlcharacteristics compliance check mark 232 and a third device controlcharacteristics compliance check mark 236 indicate that Jill 222 and Kim226 both also have devices that have device control characteristicsspecified for the event. A first device control characteristicscompliance cross mark 234 indicates that Jane 224 has a device that doesnot have the device control characteristics specified for the event. Inan example, Jane 224 may not be allowed to attend the event because herdevice does not have the device control characteristics specified forthe event, or she may be required to leave the device outside of theevent.

The example event attendee list 200 includes an Administrative Authoritycolumn 214. The Administrative Authority column 214 indicates whetherthe particular attendee will have administrative authority for theevent. In an example, one or more event hosts are able to be givenadministrative authority for the event. The administrative authority inan example allows the particular attendee to define, modify, cancel, orotherwise control various aspects of the event. For example, an attendeewith administrative authority is able to add or remove attendees for theevent, add, remove, modify, or otherwise control temporary restrictionson functions of devices allowed into the event, perform other controls,or combinations of these. In an example, devices associated withindividuals with administrative authority are able to be used to allowother attendees to register his or her device for the event, such as byan NFC tap. In various examples, individuals who will not attend theevent are able to be given administrative authority for the event. Invarious examples, different individuals for a particular event are ableto be given different types or levels of administrative authorities forthe event.

The example event attendee list 200 has a first administrative authoritycross mark 240 for Jack 220, a second administrative authority crossmark 244 for Jane 224, and a third administrative authority cross mark246 for Kim 226. These cross marks indicate that these attendees do nothave administrative authority for the event. A first administrativeauthority check mark 242 indicates that Jill 222 has administrativeauthority. In various examples, different individuals for a particularevent are able to be given different types or levels of administrativeauthorities for the event. In some such examples, a specification ofauthorities that are provided to each individual is stored in an eventattendee list as opposed to the mere “yes/no” indication foradministrative authority as depicted by the example event attendee list200.

FIG. 3 illustrates an example user device block diagram 300, accordingto an example. The example user device block diagram 300 depicts anexample of processing components within a user device that is able to becontrolled in accordance with temporary restrictions specified forparticular events. The example user device block diagram 300 depicts anexample of components contained within the first device 120, seconddevice 122, and the host device 124.

The example user device block diagram 300 includes a processor 302 thatperforms various computational or control functions associated with theoperation of the example user device block diagram 300. In variousexamples, the processor 302 includes a memory to store data used tosupport the computations as well as to start program executableinstructions use to direct the processing performed by processor 302. Invarious examples, processor 302 performs a number of functionsassociated with operation of an electronic device. In order to moreconcisely describe the relevant aspects of the systems and methodsdescribed herein, the following description focuses on processingassociated with the temporary control of functions performed byelectronic devices.

The example user device block diagram 300 includes a communicationscomponent 306. In various examples, the communications component 306performs communications with other electronic devices over any suitablelink. In some examples, the communication component 306 communicates viawireless data links of any suitable type. In further examples, thecommunications component is able to communicate over any one or moretypes of wireless communications links, wired communications links,other communications links, or combinations of those.

The example user device block diagram 300 includes a number of sensorsthat produce various types of information received by the processor 302.The processor 302 in various examples is able to perform any type ofprocessing of the data received from these sensors. Information receivedfrom these sensors is able to be, for example, processed to presentvarious derived information to a user of the example user device. Insome examples, information received from these sensors is able to berelayed to other devices via the communications component 306.

A location sensor 310 is shown that in an example determinesgeographical locations of the device, such as in conjunction with theGlobal Positioning System (GPS) or similar radio navigation system. Thelocation sensor 310 provides location information to the processor 302for various processing. A camera 312 is able to capture images in anexample and provide those images to the processor 302. A microphone 314captures audio signals in the vicinity of the example user device andprovides those signals in a suitable form to the processor 302. Othersensors 316 in an example operate to determine information in theenvironment of the example electronic device and then provide thatinformation in a suitable format to the processor 302. In variousexamples, data received from these sensors is processed by the processor302 and sent to other devices via the communications component 306. Inan example, temporary restrictions specified to be imposed during eventsincludes temporary restrictions on functions related to the operation ofthe sensors, such as the location sensor 310, camera 312, microphone 314or other sensors 316. For example, temporary restrictions imposed duringan event may prohibit the capturing, sending, or both, of images orsounds that could be captured by the camera 312 or microphone 314.

Two processing components, a device control component 320 and a policyenforcement component 322, are depicted as included in the illustratedprocessor 302. These components in an example include computer readableprogram code executed by the processor 302 to perform various functions.The device control component 320 operates to control the operation ofvarious parts of the example user device. The device control component320 in an example controls operation of the various sensors of theexample user device, including the above described location sensor 310,camera 312 microphone 314 and other sensors 316.

The policy enforcement component 322 operates to implement IT policiesdefined for the example user device. In an example, the policyenforcement component 322 receives IT policies from a policiesrepository 304. The illustrated policy repository 304 includesenterprise polices 340, which are policies defined, for example, by anenterprise Information Technology (IT) department to define temporaryrestrictions on the operations of electronic devices used by personsassociated with the enterprise. The illustrated policy repository 304 inthis example includes event policies 342. The event policies in thisexample define temporary restrictions on functions performed by theprocessor 302 during defined events, as is defined in further detailbelow.

FIG. 4 illustrates an event definition process 400, according to anexample. The event definition process 400 is an example of a processthat sets up, or defines, the relevant aspects of an event. In anexample, an event organizer who is setting up the event performs theevent definition process 400 to configure various elements of anenterprise Information Technology (IT) department to implement thetemporary restrictions on functions performed by devices at the event.In an example, the event definition process 400 is performed via a userinterface provided by an IT policy server adapted to implement devicetemporary restrictions during an event.

The event definition process 400 in an example starts when an organizer,at 402, begins configuring an event. In the following example,configuring an event includes defining an event definition that includesa time period during which temporary restrictions are imposed on devicesbrought into the event. In a further example, an “ad-hoc” event is ableto be initiated by a host without having a pre-time period. Such ad-hocevents are able to be defined to occur between any suitable occurrences.In an example, an ad-hoc event is able to occur between times whereattendees register their devices and de-register their devices. Examplesof data that is able to be defined by an organizer in defining an eventdefinition, but which are not required to define the event definition,include, without limitation, defining the temporary restrictions to beapplied during the event, defining control characteristics for devicesallowed into the event, defining the start time of the event, definingthe end time of the event, or combinations of these.

The event definition process 400 in some examples identifies, at 403,one or more hosts for the event. In further examples, an event is ableto not have a defined host. In an example, identification of one or morehosts is received from the organizer of the event. A determination, at404, is made as to whether one or more hosts are to be authorized tomodify the event definition. In some examples, one or more persons areable to be defined as hosts that are given privileges in a user devicecontrol system to modify some or all parameters in the definition of anevent. For example, a device associated with such a host is able to beused to modify event attendee lists, modify temporary restrictionsimposed on devices in the event, modify the start time of the event,modify the end time of the event, modify other parameters of the event,or combinations of these. If one or more hosts are to be anadministrator, administrator specifications are received, at 406. In anexample, administrator specifications include identifiers of individualswho are to be the hosts, specifications of the authorizations to beextended to each hosts, other specifications, or combinations of these.For example, administrator specifications may only allow devicesassociated with specified persons to modify temporary restrictions oncameras during the event.

The event definition process 400 specifies, at 408, device temporaryrestrictions to be imposed during the event. Specification of devicetemporary restrictions in an example is able to be provided by an eventorganizer. In further examples, device temporary restrictions forvarious categories of events are able to be stored by a system andselected by the organizer as these specifications.

A start time and an end time are specified, at 410, for the event. Thisspecifies the time duration for which the temporary restrictions,specified above, are imposed on devices at the event.

Attendees for the event are specified in an example, at 412. Specifyinga list of attendees in an example is able to restrict the persons to beadmitted to the event. In a further example, specifying a list ofattendees is merely a basis for informing those specified attendees ofthe event and is not used as a restriction for persons who are admittedinto the event.

An invitation is sent, at 414, to the specified attendees. Theinvitation in an example includes the specified start time, specifiedend time, specified control characteristics for devices allowed into theevent, and device temporary restrictions for the event. In an example,the device temporary restrictions specified in the invitation are ableto be received by devices to be brought into the event and automaticallyimposed by the device during the specified time of the event (e.g.,between the specified start time and the specified end time).

A determination is then made, at 416, if the host is allowed to modifythe event attendee list or temporary restrictions to be imposed ondevices. If this determining is true, a policy server in an example isconfigured, at 418, to allow the specified host to modify the specifiedparameters with a range for the event. In an example, this configurationmay allow the host to add or delete a specified number of attendees tothe event attendee list. In another example, the host may be specifiedto only be able to modify certain temporary restrictions of functions ofdevices, such as only allowing camera operations for a specified timeduration during the event. The event definition process 400 then ends.

FIG. 5. Illustrates an event policy enforcement process 500, accordingto an example. The event policy enforcement process 500 is an example ofa process performed by the policy enforcement component 322 describedabove.

The event policy enforcement process 500 determines, at 502, if a starttime of an event has occurred. In an example, the time of event isdetermined based an occurrence of a specified start time for an event.

Once a time of an event has occurred, a determination is made, at 504,as to whether a host is to have privileges. In some examples, hosts areprovided with privileges at various times, such as when an ad-hoc eventis determined to have started. Examples of privileges provided to one ormore hosts include modifying temporary restrictions on functions ofdevices, modification of event start time, end time, event attendeelist, other aspects of the event, or combinations of these. In general,one or more persons are defined as a host to also allow attendees toresister their devices with one of the defined hosts. For example, anattendee is able to register his or her device by an NFC tap with adevice associated with a defined host.

If it is so determined, the policy server in an example is configured,at 506, to provide the specified host with the specified privileges.Host defined modifications to the event specifications are configured tobe allowed, at 508. In general, host defined temporary restrictions areable to be received from the one or more specified hosts at any time Insome examples, the host may be limited to making such changes onlyduring the event.

After determining a host is not to have privileges, or after allowingreceipt of host device specified modification, a determination is made,at 510, as to whether a device associated with a user on attendee listfor the event is registering its arrival at the event. Registration isable to be by any suitable technique, such as by that device making anNFC tap with a device associated with a host defined for the event. Insome examples, an attendee list is defined for the event andregistration of the device is only accepted if the device is associatedwith a user on the attendee list. In further examples, registration of adevice is not based on the device being associated with a user on anattendee list. In various examples, the events may not have an attendeelist or an attendee list is not a basis for accepting a device'sregistration, and is not a basis for applying temporary restrictions onthe device during the event. Because receiving this registration isdetermined after determining the start time of the event, at 502, it isbased on determining the occurrence of the start time of the event.

If it is determined that a device associated with an attendee registers,a determination is made, at 512, if the attendee's device satisfies thecontrol requirements specified for the event. In some examples, it isable to specify that devices brought into an event are to have specifiedcontrol characteristics, such as appropriate security configurations andverification of a secure operations state. In an example, the eventdefinition may specify that all devices are to have an appropriate NIAPcertification to ensure that their functions can be adequately andreliably restricted. This determination is also able to includerequiring receipt of a validated report from the device verifying theintegrity of operations to restrict its functions, such as verifying theintegrity of the device's IT policy control components.

If this determination is that the device does not meet the requirements,the device is disallowed, at 514. By being disallowed, the holder of thedevice may have to leave the device outside of the event, or that holdermay not be allowed admission to the event. In an example, a notificationis provided that the device does not have the capability to implementthe temporary restrictions. Such a notification is able to be providedin an example to a host, a guard, to other entities, to prevent thedevice from being brought into the event. For example, such notificationto a guard at the event may cause the guard to not allow the attendee toenter, or to require the attendee to leave the device outside of theevent.

If it is determined that the device satisfies the control requirements,the temporary restrictions specified for this event are applied, at 516.In an example, successful completion of the application of temporaryrestrictions is able to require receiving a validated report that thespecified temporary restrictions have been imposed on the functions ofthe device. In an example, various Mobile Device Management platformsare able to provide a sufficiently validated and verified report toensure the specified temporary restrictions have been reliably imposed.

After applying the temporary restrictions, or if no attendee isdetermined to register in this iteration, a determination is made, at518, as to whether the host has modified any temporary restrictions. Ifthe host has modified temporary restrictions, the new temporaryrestrictions are received, at 520, and those temporary restrictions areapplied, at 516.

If the host has not modified temporary restrictions, a determination ismade, at 522, as to whether the event is over. Determining if the eventis over in an example is based on determining that the specified endtime or the specified duration for the event has past. The end time forthe event is able to be specified according to various techniques, suchas specifying the end time directly, specifying an event duration thatcan be combined with the event start time to determine the end time, byother techniques, or by combinations of these. If it is determined thatthe event is not over, the event policy enforcement process 500 returnsto determining, at 510, if an attendee device is registering its arrivalat the event. If the event is determined to be over, the temporaryrestrictions specified for the event are removed, at 524. The hostprivileges are also removed, at 526. The event policy enforcementprocess 500 then ends.

FIG. 6 is a block diagram of an electronic device and associatedcomponents 600 in which the systems and methods disclosed herein may beimplemented. In some examples, electronic devices support datacommunications without supporting voice communications. For example,some electronic devices support data communications via a local datacommunications network, such as a WiFi® network. In some examples,devices may support voice communications via various techniques, such asVoice over Internet Protocol (VoIP), using systems such as BlackBerryMessenger® Voice, other voice over data systems, or combinations ofthese. Such electronic devices communicate with a wireless voice, textchat, or data network 650 using a suitable wireless communicationsprotocol. Wireless voice communications are performed using either ananalog or digital wireless communication channel. Data communicationsallow the electronic device 652 to communicate with other computersystems via the Internet. Examples of electronic devices that are ableto incorporate the above described systems and methods include, forexample, a data messaging device, a two-way pager, a cellular telephonewith text and data messaging capabilities, a wireless Internet applianceor a data communication device that may or may not include telephonycapabilities.

The illustrated electronic device 652 is an example electronic devicethat includes two-way wireless communications functions. Such electronicdevices incorporate communication system elements such as a wirelesstransmitter 610, a wireless receiver 612, and associated components suchas one or more antenna elements 614 and 616. A digital signal processor(DSP) 608 performs processing to extract data from received wirelesssignals and to generate signals to be transmitted. The particular designof the communication system is dependent upon the communication networkand associated wireless communications protocols with which the deviceis intended to operate.

The electronic device 652 includes a microprocessor 602 that controlsthe overall operation of the electronic device 652. The above describedprocessor 302 is an example of the microprocessor 602. Themicroprocessor 602 interacts with the above described communicationssystem elements and also interacts with other device systems. In variousexamples, the electronic device 652 is able to include one or more ofvarious components such as a data storage 606, random access memory(RAM) 604, auxiliary input/output (I/O) device 638, data port 628,display 634, keyboard 636, earpiece 632, media reader 670, microphone630, a short-range communications system 620, a power system 622, anaudio plug 640, other systems, or combinations of these.

One or more power storage or supply elements, such as a battery 624, areconnected to a power system 622 to provide power to the circuits of theelectronic device 652. The power system 622 includes power distributioncircuitry for providing power to the electronic device 652 and alsocontains battery charging circuitry to manage recharging the battery 624(or circuitry to replenish power to another power storage element). Thepower system 622 receives electrical power from external power supply654. The power system 622 is able to be connected to the external powersupply 654 through a dedicated external power connector (not shown) orthrough power connections within the data port 628. The power system 622includes a battery monitoring circuit that is operable to provide astatus of one or more battery status indicators, such as remainingcapacity, temperature, voltage, electrical current consumption, and thelike, to various components of the electronic device 652.

The data port 628 is able to support data communications between theelectronic device 652 and other devices through various modes of datacommunications, such as high speed data transfers over opticalcommunications circuits. Data port 628 is able to support communicationswith, for example, an external computer or other device. In someexamples, the data port 628 is able to include electrical powerconnections to provide externally provided electrical power to theelectronic device 652, deliver electrical power from the electronicdevice 652 to other externally connected devices, or both. Data port 628of, for example, an electronic accessory is able to provide power to anelectronic circuit, such as microprocessor 602, and support exchangingdata between the microprocessor 602 and a remote electronic device thatis connected through the data port 628.

Data communication through data port 628 enables a user to setpreferences through the external device or through a softwareapplication and extends the capabilities of the device by enablinginformation or software exchange through direct connections between theelectronic device 652 and external data sources rather than via awireless data communication network. In addition to data communication,the data port 628 provides power to the power system 622 to charge thebattery 624 or to supply power to the electronic circuits, such asmicroprocessor 602, of the electronic device 652.

Operating system software used by the microprocessor 602 is stored indata storage 606. Examples of data storage 606 are able to include, forexample, flash memory, magnetic based storage devices, other volatile ornon-volatile data store elements, or the like. Some examples are able touse data storage 606 that includes a battery backed-up RAM or othernon-volatile storage data elements to store operating systems, otherexecutable programs, or both. The operating system software, deviceapplication software, or parts thereof, are able to be temporarilyloaded into volatile data storage such as RAM 604. Data received viawireless communication signals or through wired communications are alsoable to be stored to RAM 604.

The microprocessor 602, in addition to its operating system functions,is able to execute software applications on the electronic device 652. Aset of applications that control basic device operations, including atleast data and voice communication applications, is able to be installedon the electronic device 652 during manufacture. In an example, programsand other data used to support the processes described above are able tobe installed in the memory of the electronic device 652. Furtherexamples of applications that are able to be loaded onto the device maybe a personal information manager (PIM) application having the abilityto organize and manage data items relating to the device user, such as,but not limited to, e-mail, calendar events, voice mails, appointments,and task items. The applications are able to include the above describedbase applications, which may be installed during manufacture or fromanother trusted and verified source, along with user applications thatmay be installed at any time.

Further applications may also be loaded onto the electronic device 652through, for example, the wireless network 650, an auxiliary I/O device638, Data port 628, short-range communications system 620, or anycombination of these interfaces. Such applications are then able to beinstalled by a user in the RAM 604 or a non-volatile store for executionby the microprocessor 602.

In a data communication mode, a received signal such as a text messageor web page download is processed by the communication system, includingwireless receiver 612 and wireless transmitter 610, and communicateddata is provided the microprocessor 602, which is able to furtherprocess the received data. In some examples, the electronic device 652includes a display, output ports, or combinations of these. In suchexamples, the received data is able to be processed for output to thedisplay 634, or alternatively, to an auxiliary I/O device 638 or theData port 628. In examples of the electronic device 652 that include akeyboard 636 or other similar input facilities, a user of the electronicdevice 652 may also compose data items, such as e-mail messages, usingthe keyboard 636, which is able to include a complete alphanumerickeyboard or a telephone-type keypad, in conjunction with the display 634and possibly an auxiliary I/O device 638. Such composed items are thenable to be transmitted over a communication network through thecommunication system.

For voice communications, overall operation of the electronic device 652is substantially similar, except that received signals are generallyprovided to an earpiece 632 and signals for transmission are generallyproduced by a microphone 630. Alternative voice or audio I/O systems,such as a voice message recording system, may also be implemented on theelectronic device 652. Although voice or audio signal output isgenerally accomplished primarily through the earpiece 632, in examplesof electronic devices 652 that include a display 634, the display 634may also be used to provide an indication of the identity of a callingparty, the duration of a voice call, or other voice call relatedinformation, for example.

Depending on conditions or statuses of the electronic device 652, one ormore particular functions associated with a system circuit may bedisabled, or an entire system circuit may be disabled. For example, ifthe battery temperature is low, then voice functions may be disabled,but data communications, such as e-mail, may still be enabled over thecommunication system.

A short-range communications system 620 provides for data communicationbetween the electronic device 652 and different systems or devices,which need not necessarily be similar devices. For example, theshort-range communications system 620 includes an infrared device andassociated circuits and components or a Radio Frequency basedcommunication module such as one supporting Bluetooth® communications,to provide for communication with similarly-enabled systems and devices,including the data file transfer communications described above. Theshort-range communications system is also able to include one or more ofcomponents to support communications over wireless links such as Wi-Fi®,Near Field Communications (NFC), any other short range link, orcombinations of these

A media reader 670 is able to be connected to an auxiliary I/O device638 to allow, for example, loading computer readable program code of acomputer program product into the electronic device 652 for storage intoflash memory such as could be present in data storage 606. One exampleof a media reader 660 is an optical drive such as a CD/DVD drive, whichmay be used to store data to and read data from a computer readablemedium or storage product such as computer readable storage media 662.Examples of suitable computer readable storage media include opticalstorage media such as a CD or DVD, magnetic media, or any other suitabledata storage device. Media reader 660 is alternatively able to beconnected to the electronic device through the Data port 628 or computerreadable program code is alternatively able to be provided to theelectronic device 652 through the wireless network 650.

Information Processing System

The present subject matter can be realized in hardware, software, or acombination of hardware and software. A system can be realized in acentralized fashion in one computer system, or in a distributed fashionwhere different elements are spread across several interconnectedcomputer systems. Any kind of computer system—or other apparatus adaptedfor carrying out the methods described herein—is suitable. A typicalcombination of hardware and software could be a general purpose computersystem with a computer program that, when being loaded and executed,controls the computer system such that it carries out the methodsdescribed herein.

The present subject matter can also be embedded in a computer programproduct, which comprises some or all the features enabling theimplementation of some or all of the methods described herein, andwhich—when loaded in a computer system—is able to carry out thesemethods. Computer program in the present context means any expression,in any language, code or notation, of a set of instructions intended tocause a system having an information processing capability to perform aparticular function either directly or after either or both of thefollowing a) conversion to another language, code or, notation; and b)reproduction in a different material form.

Each computer system may include, inter alia, one or more computers andat least a computer readable medium allowing a computer to read data,instructions, messages or message packets, and other computer readableinformation from the computer readable medium. The computer readablemedium may include non-transitory computer readable storage mediumembodying non-volatile memory, such as read-only memory (ROM), flashmemory, disk drive memory, CD-ROM, and other permanent storage.Additionally, a computer medium may include volatile storage such asRAM, buffers, cache memory, and network circuits. Furthermore, thecomputer readable medium may comprise computer readable information in atransitory state medium such as a network link and/or a networkinterface, including a wired network or a wireless network, that allow acomputer to read such computer readable information.

Non-Limiting Examples

Although specific embodiments of the subject matter have been disclosed,those having ordinary skill in the art will understand that changes canbe made to the specific embodiments without departing from the spiritand scope of the disclosed subject matter. The scope of the disclosureis not to be restricted, therefore, to the specific embodiments, and itis intended that the appended claims cover any and all suchapplications, modifications, and embodiments within the scope of thepresent disclosure.

What is claimed is:
 1. A method of controlling functions, the methodcomprising: determining an occurrence of a start of an event, the eventcomprising a meeting of people occurring at a determined location, theevent having associated control requirements for devices allowed intothe event; based on determining the occurrence of the start of theevent, receiving a respective registration of a respective deviceassociated with a respective attendee of the event, each respectiveattendee being a person attending the meeting; confirming, based onreceiving the registration, receipt of an authenticated report from therespective device, the authenticated report comprising a specificationof control capabilities of the respective device and further comprisingverification of the respective device's secure operational state;comparing the specification of control capabilities of the respectivedevice and the verification of the respective device's secureoperational state received in the authenticated report to the controlrequirements associated with the event; verifying, based on thecomparing, compliance of the respective device with the controlrequirements for devices allowed into the event; applying, based onreceiving the respective registration, determining the occurrence of thestart of the event, and verifying compliance of the respective device,temporary restrictions to the respective device from which therespective registration is received; verifying, based on the applying,receipt of a validated report that the temporary restrictions have beenimposed; providing, based on a failure in verifying compliance of therespective device, a notification to one of a host or a guard at theevent that the respective device is not in compliance with the controlrequirements for devices allowed into the event; and removing, based ondetermining an occurrence of an end of the event, the temporaryrestrictions from the respective device.
 2. The method of claim 1,further comprising: identifying a host for the event, the host being aperson associated with the event; and providing authorization to adevice associated the host to modify a list of attendees of the eventand to modify the temporary restrictions, where authorization to modifya list of attendees comprises authorization to add and remove attendeesfrom the event, and wherein applying temporary restrictions is furtherbased on the respective attendee being on the list of attendees.
 3. Themethod of claim 1, further comprising: receive an identification of ahost for the event, the host being a person associated with the event;and providing authorization to a device associated with the host tomodify at least one of the start of the event and the end of the event.4. The method of claim 1, further comprising defining an eventdefinition, where defining the event definition comprises: defining thetemporary restrictions; defining control characteristics for devicesentering the event; defining a start time of the event; and defining atleast one of an end time of the event or a duration of the event.
 5. Themethod of claim 1, further comprising sending an invitation to eachattendee on a list of attendees, where the invitation comprises aspecification of specified control characteristics for devices allowedinto the event and the temporary restrictions, and wherein applyingtemporary restrictions is further based on the respective attendee beingon the list of attendees.
 6. The method of claim 1, further comprising:authenticating, at the respective device, characteristics of therespective device; verification of successful implementation of thetemporary restrictions defined for the event; and providing a reportverifying integrity of operations to implement the temporaryrestrictions and verifying integrity of policy control components of therespective device.
 7. An apparatus for controlling functions on devices,the apparatus comprising: a processor that when operating, is adaptedto: determine an occurrence of a start of an event, the event comprisinga meeting of people occurring at a determined location, the event havingassociated control requirements for devices allowed into the event;based on a determination of the occurrence of the start of the event,receive a respective registration of a respective device associated witha respective attendee of the event, each respective attendee being aperson attending the meeting; confirm, based on receipt of theregistration, receipt of an authenticated report from the respectivedevice, the authenticated report comprising a specification of controlcapabilities of the respective device and further comprisingverification of the respective device's secure operational state;compare the specification of control capabilities of the respectivedevice and the verification of the respective device's secureoperational state received in the authenticated report to the controlrequirements associated with the event; verify, based on comparison ofthe specification of control capabilities and the verification of therespective device's secure operational state, compliance of therespective device with the control requirements for devices allowed intothe event; apply, based on the respective registration, the occurrenceof the start of the event, and verification of compliance of therespective device, temporary restrictions to the respective device fromwhich the respective registration is received; verify, based onapplication of temporary restrictions, receipt of a validated reportthat the temporary restrictions have been imposed; provide, based on afailure to verify compliance of the respective device, a notification toone of a host or a guard at the event that the respective device is notin compliance with the control requirements for devices allowed into theevent; and remove, based on a determination of an occurrence of an endof the event, the temporary restrictions from the respective device. 8.The apparatus of claim 7, the processor, when operating, being furtheradapted to: receive an identification of a host for the event, the hostbeing a person associated with the event; and provide authorization to adevice associated with the host to modify a list of attendees of theevent and to modify the temporary restrictions, where authorization tomodify a list of attendees comprises authorization to add and removeattendees from the event, and wherein application of the temporaryrestrictions is further based on the respective attendee being on thelist of attendees.
 9. The apparatus of claim 7, the processor, whenoperating, being further adapted to: receive an identification of a hostfor the event, the host being a person associated with the event; andprovide authorization to a device associated with the host to modify atleast one of the start of the event and the end of the event.
 10. Theapparatus of claim 7, the processor, when operating, being furtheradapted to define an event definition, where the event definitioncomprises: the temporary restrictions; control characteristics fordevices entering the event; a start time of the event; and at least oneof an end time of the event or a duration of the event.
 11. Theapparatus of claim 7, the processor, when operating, being furtheradapted to send an invitation to each attendee on a list of attendees,where the invitation comprises a specification of specified controlcharacteristics for devices allowed into the event and the temporaryrestrictions, and wherein application of the temporary restrictions isfurther based on the respective attendee being on the list of attendees.12. A non-transitory computer readable storage medium having computerreadable program code embodied therewith, the computer readable programcode comprising instructions for: determining an occurrence of a startof an event, the event comprising a meeting of people occurring at adetermined location, the event having associated control requirementsfor devices allowed into the event; based on determining the occurrenceof the start of the event, receiving a respective registration of arespective device associated with a respective attendee of the event,each respective attendee being a person attending the meeting;confirming, based on receiving the registration, receipt of anauthenticated report from the respective device, the authenticatedreport comprising a specification of control capabilities of therespective device and further comprising verification of the respectivedevice's secure operational state; comparing the specification ofcontrol capabilities of the respective device and the verification ofthe respective device's secure operational state received in theauthenticated report to the control requirements associated with theevent; verifying, based on the comparing, compliance of the respectivedevice with the control requirements for devices allowed into the event;applying, based on receiving the respective registration, determiningthe occurrence of the start of the event, and verifying compliance ofthe respective device, temporary restrictions to the respective devicefrom which the respective registration is received; verifying, based onthe applying, receipt of a validated report that the temporaryrestrictions have been imposed; providing, based on a failure inverifying compliance of the respective device, a notification to one ofa host or a guard at the event that the respective device is not incompliance with the control requirements for devices allowed into theevent; and removing, based on determining an occurrence of an end of theevent, the temporary restrictions from the respective device.
 13. Thenon-transitory computer readable storage medium of claim 12, thecomputer readable program code further comprising instructions for:identifying a host for the event, the host being a person associatedwith the event; and providing authorization to a device associated thehost to modify a list of attendees of the event and to modify thetemporary restrictions, where authorization to modify a list ofattendees comprises authorization to add and removes attendees from theevent, and wherein applying temporary restrictions is further based onthe respective attendee being on the list of attendees.
 14. Thenon-transitory computer readable storage medium of claim 12, thecomputer readable program code further comprising instructions for:receive an identification of a host for the event, the host being aperson associated with the event; and providing authorization to adevice associated with the host to modify at least one of the start ofthe event and the end of the event.
 15. The non-transitory computerreadable storage medium of claim 12, the computer readable program codefurther comprising instructions for defining an event definition, wherethe instructions for defining the event definition further comprisesinstructions for: defining the temporary restrictions; defining controlcharacteristics for devices entering the event; defining a start time ofthe event; and defining at least one of an end time of the event or aduration of the event.
 16. The non-transitory computer readable storagemedium of claim 12, the computer readable program code furthercomprising instructions for sending an invitation to each attendee on alist of attendees, where the invitation comprises a specification ofspecified control characteristics for devices allowed into the event andthe temporary restrictions, and wherein applying temporary restrictionsis further based on the respective attendee being on the list ofattendees.